LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

What are the BSI-Standards and the IT-Grundschutz-Kompendium, and how do they fit together?

The BSI-Standards (200-1 / 200-2 / 200-3 / 100-4) describe the methodology of an ISMS and IT-Grundschutz. The Kompendium is the content library: 80+ Bausteine (building blocks), each with threats and concrete safeguards.

BSI-Standards 200-x methodology on the left, Kompendium content library on the right, 200-2 drawing controls from it

* Split of labour: the 200-x standards give the method; the Kompendium supplies the actual controls (Bausteine). *

BSI-Standard Topic
200-1 Management systems for information security (ISMS)
200-2 IT-Grundschutz methodology
200-3 Risk analysis based on IT-Grundschutz
100-4 Notfallmanagement (emergency / business continuity)

The IT-Grundschutz-Kompendium structure:

Kapitel Content
Kapitel 1 Vorspann (intro)
Kapitel 2 Schichtenmodell und Modellierung
Elementare Gefährdungen (47 generic threats)
Process-Bausteine: ISMS, ORP, CON, OPS, DER
System-Bausteine: IND, APP, SYS, NET, INF

The Kompendium shrank from 4000+ pages to 816 pages by consolidating implementation guidance into Bausteine.

Tip: Don't read the Kompendium cover-to-cover. The right way is: pick the Bausteine that match your environment (e.g., NET.1.1 Netzarchitektur, APP.5.3 E-Mail-Server), and use those as your control roadmap.

Go deeper:

From Quiz: ISF / ISMS & Security Standards (ISO 27k, NIST, BSI) | Updated: Jul 14, 2026